check return value of unlink(2) when trying to remove an existing HISTFILE,

since mksh(1) did go into an infinite loop if that fails first bug spotted, initial patch and help drafting a test case From: Decklin Foster <decklin@red-bean.com> note there are more instances of unlink(2) and others (like chmod(2), as spotted by flawfinder) which aren’t checked… but at least the other case of unlink(2) use in histrap.c doesn’t cause any trouble (I think)
2008-07-06 22:41:09 +00:00
parent 667f309387
commit d415592b37
3 changed files with 39 additions and 7 deletions
--- a/histrap.c
+++ b/histrap.c
@@ -3,7 +3,7 @@

 #include "sh.h"

-__RCSID("$MirOS: src/bin/mksh/histrap.c,v 1.64 2008/06/08 17:16:25 tg Exp $");
+__RCSID("$MirOS: src/bin/mksh/histrap.c,v 1.65 2008/07/06 22:41:08 tg Exp $");

 /*-
 * MirOS: This is the default mapping type, and need not be specified.
@@ -677,17 +677,27 @@ hist_init(Source *s)
 			if (base != (unsigned char *)MAP_FAILED)
 				munmap((caddr_t)base, hsize);
 			hist_finish();
-			unlink(hname);
+			if (unlink(hname) /* fails */)
+				goto hiniterr;
 			goto retry;
 		}
 		if (hsize > 2) {
+			int rv = 0;
+
 			lines = hist_count_lines(base+2, hsize-2);
 			if (lines > histsize) {
 				/* we need to make the file smaller */
 				if (hist_shrink(base, hsize))
-					unlink(hname);
+					rv = unlink(hname);
 				munmap((caddr_t)base, hsize);
 				hist_finish();
+				if (rv) {
+ hiniterr:
+					bi_errorf("cannot unlink HISTFILE %s"
+					    " - %s", hname, strerror(errno));
+					hsize = 0;
+					return;
+				}
 				goto retry;
 			}
 		}